Finjan Blog

KRACK Wi-Fi Vulnerability

Accepted as the current standard for the secure encryption of Wi-Fi networks, Wi-Fi Protected Access 2 or WPA2 has for some time been the automatic choice for users wishing to set up a wireless access point that’s free from the threat of eavesdroppers. But as with all things in the digital realm, evolving methods and technologies can and do conspire to make previously trusted protocols and applications obsolete or downright dangerous, in the face of emerging cyber-threats.

So it should come as little surprise that a security researcher in Belgium has recently discovered a weakness in the cryptographic protocols used within WPA2 – one that can potentially enable an attacker to read and extract data from a protected Wi-Fi network, or even to manipulate the information that’s being transmitted.

The vulnerability has been given the designation “Krack” or KRACK, short for Key Reinstallation AttaCK, and this article explores the background to its discovery, its possible effects, and some recommendations to protect yourself from it.

WPA2 and the Four-Way Handshake

When a device joins a WPA2 network, it and the access point run a procedure known as the “four-way handshake.” The handshake has two jobs: to confirm that both sides hold the same master key, which on a home or small-office network (WPA2-Personal) is derived from the network password, and to agree a fresh session key for this particular connection. A user who doesn’t know the password cannot complete it.

The first two messages carry a random number (a nonce) from each side: the access point sends its nonce in message 1, and the device replies in message 2 with its own nonce plus an integrity check that only a holder of the master key can produce. Once both nonces are known, each side computes the session key for itself; the key itself never travels over the air.

The Critical Third Step

Message 3 is the access point’s confirmation that it, too, holds the master key. On receiving it, the device installs the freshly derived session key and starts encrypting with it; message 4 is the device’s acknowledgement. It is this installation step, triggered by message 3, that gives an eavesdropper the opening.
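To make the handshake concrete, here is a small Python model of it, written for this article rather than taken from the researchers’ code or from any Wi-Fi driver. The key derivation steps (PBKDF2 for the master key, the 802.11i PRF for the session keys, the HMAC-SHA1 check on each message) are the real WPA2-Personal/CCMP constructions; the network name, passphrase, hardware addresses and the “msg2”/“msg3”/“msg4” frame bodies are constructed stand-ins, and real frames carry more fields than shown.

```python
import hashlib
import hmac
import os

# Constructed example values: not a real network, passphrase or hardware address.
SSID = b"example-net"
PASSPHRASE = b"correct horse battery staple"
AP_MAC = bytes.fromhex("02000000aa01")   # authenticator address (AA)
STA_MAC = bytes.fromhex("02000000bb02")  # supplicant address (SPA)


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces)).
    Split into KCK (signs handshake messages), KEK (wraps the group key), TK (encrypts data)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def mic(kck: bytes, frame: bytes) -> bytes:
    """EAPOL-Key integrity check for WPA2/CCMP: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


class Supplicant:
    """Client: computes the PTK after message 1, installs the TK only on a valid message 3."""
    def __init__(self, pmk: bytes):
        self.pmk, self.snonce = pmk, os.urandom(32)
        self.kck = self.tk = self.installed_tk = None

    def handle_msg1(self, anonce: bytes):
        self.kck, _kek, self.tk = derive_ptk(self.pmk, AP_MAC, STA_MAC, anonce, self.snonce)
        body = b"msg2" + self.snonce                 # message 2: SNonce plus a MIC over the frame
        return body, mic(self.kck, body)

    def handle_msg3(self, body: bytes, tag: bytes):
        if not hmac.compare_digest(mic(self.kck, body), tag):
            return None                              # AP does not share our PMK: abort
        self.installed_tk = self.tk                  # the key installation step
        return b"msg4", mic(self.kck, b"msg4")


class Authenticator:
    """Access point: verifies message 2 before confirming, installs its copy on message 4."""
    def __init__(self, pmk: bytes):
        self.pmk, self.anonce = pmk, os.urandom(32)
        self.kck = self.tk = self.installed_tk = None

    def msg1(self) -> bytes:
        return self.anonce                           # message 1 is unauthenticated: just ANonce

    def handle_msg2(self, body: bytes, tag: bytes):
        snonce = body[len(b"msg2"):]
        self.kck, _kek, self.tk = derive_ptk(self.pmk, AP_MAC, STA_MAC, self.anonce, snonce)
        if not hmac.compare_digest(mic(self.kck, body), tag):
            return None                              # client holds a different PMK (wrong passphrase)
        return b"msg3", mic(self.kck, b"msg3")       # real message 3 also carries the wrapped GTK

    def handle_msg4(self, body: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(mic(self.kck, body), tag):
            return False
        self.installed_tk = self.tk
        return True


def run_handshake(ap_passphrase: bytes, client_passphrase: bytes) -> dict:
    """Drive the four messages between an AP and a client and report the outcome."""
    ap = Authenticator(derive_pmk(ap_passphrase, SSID))
    sta = Supplicant(derive_pmk(client_passphrase, SSID))
    m2 = sta.handle_msg1(ap.msg1())                  # 1: AP -> client (ANonce)
    m3 = ap.handle_msg2(*m2)                         # 2: client -> AP (SNonce, MIC)
    if m3 is None:
        return {"completed": False, "reason": "AP rejected message 2"}
    m4 = sta.handle_msg3(*m3)                        # 3: AP -> client (MIC, install)
    if m4 is None:
        return {"completed": False, "reason": "client rejected message 3"}
    completed = ap.handle_msg4(*m4)                  # 4: client -> AP (MIC)
    return {"completed": completed, "keys_match": completed and ap.installed_tk == sta.installed_tk}


if __name__ == "__main__":
    print(run_handshake(PASSPHRASE, PASSPHRASE))         # completes, keys match
    print(run_handshake(PASSPHRASE, b"wrong password"))  # AP rejects message 2
```

Run it once with matching passphrases and once with a wrong one: in the first case both sides end up with the same installed key, in the second the access point rejects message 2 because the integrity check was computed with a different master key, and no session key is ever installed.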

Krack – Discovering the Flaw

Working in conjunction with Frank Piessens, a computer science professor at the University of Leuven, Belgium (KU Leuven), security researcher Mathy Vanhoef put the WPA2 protocol under the microscope, and uncovered a flaw which Vanhoef calls a Key Reinstallation Attack.

During the four-way handshake, this vulnerability allows an attacker within radio range to hold back the device’s message 4 so that it never reaches the access point, record message 3, and deliver it to the device a second time. The device, doing exactly what the standard tells it to, responds by reinstalling a session key it has already installed and is already using.

Reinstalling a key also resets the counters that go with it: the packet number the device stamps on each outgoing frame, which the cipher uses as its nonce, and the replay counter that guards incoming frames. The same key is then used with the same nonces a second time. That lets the attacker decrypt frames sent after the reinstallation and replay frames sent before it, and, where the network uses the TKIP or GCMP cipher rather than CCMP, tamper with frames or forge new ones.

Inserting the Krack

KRACK exploits a retransmission mechanism built into the WPA2 protocol so that a four-way handshake doesn’t collapse on a lossy link: if the access point doesn’t get message 4 in time, it assumes message 3 was lost and sends it again, and the device is required to accept the retransmission and answer it.
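The reinstallation described above (the replayed message 3 and the counter reset it causes) and the retransmission rule just mentioned can be shown end to end in a few dozen lines. This is an added illustration written for this article, not the researchers’ attack code: the temporal key, addresses and two frame payloads are constructed, and the counter-mode cipher uses HMAC-SHA256 in place of AES purely so the example runs without an extra library (an assumption noted in the code; the nonce-reuse property it relies on is the same). The PatchedClient shows the behaviour patched Wi-Fi clients adopted: answer the retransmission, but never reinstall a key that is already in use.

```python
import hashlib
import hmac

# Constructed values: a 16-byte temporal key (TK) as a handshake would derive it, the client
# address that CCMP mixes into the nonce, and two frame payloads. Nothing here is real traffic.
TK = bytes.fromhex("00112233445566778899aabbccddeeff")
STA_MAC = bytes.fromhex("02000000bb02")
KNOWN_PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SECRET_PLAINTEXT = b"POST /login user=alice&pass=hunter2\r\n"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(tk: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream cipher. Real CCMP uses AES as the block function; this example
    stands in HMAC-SHA256 (assumption, so it runs without an AES library). The property that
    matters is shared: same key + same nonce => same keystream, whatever the block function."""
    out = b""
    for i in range((len(data) + 15) // 16):
        keystream = hmac.new(tk, nonce + i.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
        out += xor(data[i * 16:(i + 1) * 16], keystream)
    return out


class Client:
    """The slice of a supplicant's state machine that message 3 touches, as the standard describes it."""
    def __init__(self, tk: bytes):
        self.pending_tk = tk   # PTK already negotiated by messages 1 and 2
        self.tk = None         # installed key
        self.tx_pn = 0         # packet number: incremented per frame, forms the CCMP nonce

    def handle_msg3(self) -> str:
        # Install the key and reset its counters. The standard requires this for every
        # message 3, a retransmitted one included, and that reset is the vulnerability.
        self.tk = self.pending_tk
        self.tx_pn = 0
        return "msg4"

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        nonce = STA_MAC + self.tx_pn.to_bytes(6, "big")   # CCMP nonce: address || packet number
        return self.tx_pn, ctr_encrypt(self.tk, nonce, plaintext)


class PatchedClient(Client):
    """The fix shipped in patched supplicants: if the key is already installed, answer the
    retransmitted message 3 with message 4 but do not touch the key or its counters."""
    def handle_msg3(self) -> str:
        if self.tk is not None:
            return "msg4"
        return super().handle_msg3()


def attacker_recover(ct_known: bytes, known_pt: bytes, ct_target: bytes) -> bytes:
    """Two frames under one nonce: keystream = ct_known XOR known_pt, then strip it off the other."""
    return xor(ct_target, xor(ct_known, known_pt))


def run_attack(client_cls) -> dict:
    """Replay message 3 against a client and report whether the nonce repeats and what leaks."""
    client = client_cls(TK)
    client.handle_msg3()                              # genuine message 3: key installed, counters zeroed
    pn_known, ct_known = client.send(KNOWN_PLAINTEXT)  # a frame whose content the attacker can guess
    # Attacker withholds the client's message 4 from the AP; the AP retransmits message 3
    # (the lossy-link rule), and the attacker forwards that retransmission to the client.
    client.handle_msg3()
    pn_target, ct_target = client.send(SECRET_PLAINTEXT)
    return {
        "nonce_reused": pn_known == pn_target,
        "recovered": attacker_recover(ct_known, KNOWN_PLAINTEXT, ct_target),
    }


if __name__ == "__main__":
    print("standard client:", run_attack(Client))
    print("patched client: ", run_attack(PatchedClient))
```

Against the standard-conforming client the second frame is encrypted under packet number 1 again, and XOR-ing the two ciphertexts with the guessable first frame hands the attacker the second one in the clear. The patched client still replies to the retransmission, so the handshake completes on a lossy link as before, but its packet number keeps counting and the recovered bytes are noise.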

Krack attacks don’t actually violate the IEEE 802.11i standard (the specification on which WPA2 is based). Nor do they contradict the published mathematical proof that the four-way handshake is secure: that proof covers how the key is negotiated, not what the device does when it installs the key, and the flaw lives in that installation step.

Krack attacks don’t recover the encryption keys themselves; the keys stay private. That is precisely why nothing looks wrong: the remaining stages of the handshake proceed, the access point and the device verify each other’s identity as they should, and the only trace is that the device is now reusing nonces it should never reuse.

The Extent of the Damage

So, rather than an individual software product or device flaw, KRACK is actually baked into an existing industry standard – and therefore has the capacity to affect everything that operates under Wi-Fi Protected Access 2. This runs the full gamut from operating systems, connecting hardware, and network infrastructure, through to Wi-Fi enabled devices, software, and consumer goods.

Though most current versions of iOS and Windows aren’t vulnerable to the main attack (Apple’s and Microsoft’s clients simply ignore a retransmitted message 3, which departs from the letter of the standard but closes the hole), Linux and Android devices remain at risk, along with an entire ecosystem of embedded sensors and Internet of Things (IoT) devices from the likes of Linksys and similar companies. Linux and recent Android versions are hit hardest: the wpa_supplicant client they rely on wipes the key from memory once it has been installed, so a reinstallation leaves the device encrypting with an all-zero key, and its traffic can be decrypted without any further effort.

Krack – An Alternative View

Some security experts remain unconvinced of the Doomsday potential of this vulnerability. Speaking to SearchSecurity, Martijn Grooten, a security researcher at Virus Bulletin, offers a less apocalyptic view of the KRACK phenomenon. He describes the efforts of the Belgian research group as:

“great work, important find, do patch when you can, but don’t panic, it’s unlikely going to have a big impact for you.”

In a similar vein, UK-based security architect Kevin Beaumont went on Twitter to claim that the WPA2 vulnerability is “very difficult to exploit.” In a later blog post, Beaumont went further, to state that:

“The attack realistically doesn’t work against Windows or iOS devices… There is currently no publicly available code out there to attack this in the real world… You would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.”

This last point is in keeping with what we know about the logistics of staging a Krack assault on a wireless connection: the attacker needs to be in radio range of the target (within a few hundred feet, if they use a boosting antenna) and must interpose their own equipment between the device and the access point in order to withhold and replay handshake messages.

But those downplaying the scale of the Krack threat remain in the minority. And given the ingenuity of cyber-criminals, and the rate of evolution of exploit technology and malware, it’s advisable for Wi-Fi providers and users alike to take all necessary precautions.

Krack – Steps Toward Safety

Vanhoef and Piessens delayed the public release of their findings until hardware manufacturers and other key industry players had been warned about the exploit, so several of the big names have already taken, or are planning, action to pre-empt a rash of Krack incidents.

Microsoft has already released a patch, with system updates available for Windows 10 and those earlier versions of the operating system that are still supported. WPA2 vulnerability patches are also available for macOS and Linux.

Google’s Krack patch for Android was scheduled for November 6th, 2017, but it will only reach the newest devices automatically; every other handset depends on its manufacturer shipping the fix. Apple has already released an update for iOS hardware.

For its part, the Wi-Fi Alliance has stated that it “now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.”

This is intended to ensure that any future Wi-Fi devices manufactured will be free of the vulnerability – but it doesn’t address the issue of what’s out there already.

Practical Concerns

Until more efficient methods of patch distribution are put in place, users are at the mercy of manufacturers and software vendors.

Those in the Android ecosystem are particularly at risk: for devices not covered by the initial update schedule, which means the vast majority of Android users, no reliable means of patching has yet been proposed.

If you’re an Android user, disable Wi-Fi and use mobile data for any online activity that you especially want to protect from eavesdropping.

When connecting to Wi-Fi, use a Virtual Private Network (VPN). This adds a layer of encryption above the Wi-Fi link to your entire data stream, so that even if the link-layer encryption is broken, a snoop sees only the VPN’s ciphertext. Web sites served over HTTPS keep the same sort of protection from TLS, provided the browser isn’t tricked into falling back to plain HTTP.

Corporate users and large institutions should segment their networks, so that any compromise to one section of the system doesn’t affect all the others. Isolating Wi-Fi clients from each other (so that they can’t inter-connect or communicate) and applying a multi-layered approach to network security will also help.
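One thing a corporate network team can do beyond segmentation is watch for the symptom a reinstallation leaves in the clear. The packet number a client stamps on every encrypted frame is carried unencrypted in the frame header and must only ever go up under a given key; if it drops back without a fresh handshake having taken place, a key has been reinstalled. The detector below is an added example written for this article (not a product or the researchers’ tool) and runs over a constructed monitor log; the log format and the station addresses are assumptions.

```python
from collections import defaultdict

# Constructed monitor log, one event per line: <seconds> <station MAC> <kind> <value>.
# "eapol N" = handshake message N seen for that station; "data PN" = a data frame from the
# station with the packet number read from its cleartext CCMP header.
LOG = """\
0.000 02:00:00:00:bb:02 eapol 1
0.010 02:00:00:00:bb:02 eapol 2
0.020 02:00:00:00:bb:02 eapol 3
0.030 02:00:00:00:bb:02 eapol 4
0.100 02:00:00:00:bb:02 data 1
0.200 02:00:00:00:bb:02 data 2
0.300 02:00:00:00:bb:02 data 3
1.000 02:00:00:00:bb:02 eapol 3
1.010 02:00:00:00:bb:02 eapol 4
1.100 02:00:00:00:bb:02 data 1
5.000 02:00:00:00:cc:03 eapol 1
5.010 02:00:00:00:cc:03 eapol 2
5.020 02:00:00:00:cc:03 eapol 3
5.030 02:00:00:00:cc:03 eapol 4
5.100 02:00:00:00:cc:03 data 1
5.200 02:00:00:00:cc:03 data 2
9.000 02:00:00:00:cc:03 eapol 1
9.010 02:00:00:00:cc:03 eapol 2
9.020 02:00:00:00:cc:03 eapol 3
9.030 02:00:00:00:cc:03 eapol 4
9.100 02:00:00:00:cc:03 data 1
"""


def parse(log: str):
    """Yield (time, station, kind, value) tuples from the log text."""
    for line in log.splitlines():
        if not line.strip():
            continue
        t, sta, kind, value = line.split()
        yield float(t), sta, kind, int(value)


def detect_reinstallations(events) -> list:
    """Flag stations whose packet number goes backwards without a new handshake.

    A fresh four-way handshake (message 1 seen) produces a new key, so the packet number
    restarting at 1 after it is legitimate. A message 3 seen twice with no message 1 in
    between, followed by the packet number dropping, is the footprint of a key reinstallation."""
    last_pn = defaultdict(int)      # highest packet number seen per station under the current key
    msg3_count = defaultdict(int)   # message 3s seen since the last message 1
    alerts = []
    for t, sta, kind, value in events:
        if kind == "eapol":
            if value == 1:
                last_pn[sta] = 0    # new handshake: new key, counters legitimately restart
                msg3_count[sta] = 0
            elif value == 3:
                msg3_count[sta] += 1
        elif kind == "data":
            if value <= last_pn[sta]:
                alerts.append({"time": t, "sta": sta, "pn": value, "last_pn": last_pn[sta],
                               "msg3_retransmitted": msg3_count[sta] > 1})
            last_pn[sta] = max(last_pn[sta], value)
    return alerts


if __name__ == "__main__":
    for alert in detect_reinstallations(parse(LOG)):
        print(alert)
```

In the sample log the first station receives message 3 a second time and then sends a frame numbered 1 after having already sent 3, which is flagged; the second station also restarts at 1, but only after a complete new handshake, so it is not. A retransmitted message 3 on its own is normal on a lossy link and is not worth an alert; the point is that an unpatched client resets its counter even on a benign retransmission, so this alert tells you a client is vulnerable whether or not anyone is attacking it.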
